Platform
java
Component
org.xwiki.platform:xwiki-platform-rest-server
Fixed in
1.8.1
16.0.1
16.5.1
15.10.16
CVE-2025-32969 represents a critical SQL Injection vulnerability discovered in the XWiki Platform REST Server. This flaw allows unauthenticated, remote attackers to bypass security measures and directly manipulate the database backend. The vulnerability impacts versions of XWiki Platform REST Server before 15.10.16 and can be resolved by upgrading to the patched version.
The impact of CVE-2025-32969 is severe. An attacker can leverage this SQL Injection vulnerability to execute arbitrary SQL statements against the database without authentication. This includes scenarios where the "Prevent unregistered users from viewing pages" and "Prevent unregistered users from editing pages" options are enabled, effectively bypassing intended access controls. Successful exploitation could lead to the exfiltration of sensitive data, such as password hashes, and even allow for unauthorized modification or deletion of data within the database. The potential for data breaches and system compromise is significant, particularly in environments where XWiki Platform is used to manage critical information.
CVE-2025-32969 was publicly disclosed on April 23, 2025. The vulnerability's ease of exploitation, combined with the potential for significant data compromise, suggests a medium to high probability of exploitation. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's nature makes it likely that such code will emerge. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations using XWiki Platform REST Server for content management, collaboration, or knowledge sharing are at risk. This includes deployments where the platform handles sensitive data, such as user credentials or financial information. Shared hosting environments where multiple users share the same XWiki instance are particularly vulnerable, as a compromise of one user's account could lead to broader system access.
• java / server: Monitor XWiki Platform REST Server logs for unusual SQL queries or database error messages indicative of injection attempts (a syntax error reported by the database driver for a query built from REST input is a typical sign). Use a WAF to filter potentially malicious SQL statements.
  grep -iE 'sql syntax|syntax error' /var/log/xwiki/xwiki.log
• database (mysql, postgresql): Monitor database audit logs for unexpected SQL commands originating from the XWiki Platform REST Server's database account.
  -- MySQL example: requires general_log=ON and log_output=TABLE.
  -- mysql.general_log has no "user" column; the account appears in user_host
  -- (e.g. "xwiki_user[xwiki_user] @ host []"), so filter with LIKE on that column.
  SELECT event_time, user_host, argument
  FROM mysql.general_log
  WHERE command_type = 'Query' AND user_host LIKE 'xwiki_user%';
• generic web: Monitor access logs for requests to XWiki REST API endpoints that might be vulnerable to SQL injection. The artifact name does not appear in web requests; the REST API is served under the /rest/ path of the XWiki context, so grep for that.
  grep -i '/rest/' /var/log/apache2/access.log
Disclosure
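The three monitoring suggestions above stop at a bare grep. As an added example (not part of the advisory or of XWiki itself), the following script parses access-log lines in Apache "combined" format, URL-decodes the query string of every request under the /rest/ path and reports lines that carry common SQL-injection indicators (UNION SELECT, SQL comment sequences, stacked statements, tautologies), together with whether the request was unauthenticated, which is the case this CVE is about. The log lines are constructed for the example; the `/xwiki/rest/wikis/{wiki}/query` path is XWiki's REST query endpoint, the one the advisory names as affected, and the indicator list is a heuristic starting point, not an exhaustive signature set.

```python
"""Flag SQL-injection indicators in web-server access logs for XWiki REST requests.
Added example for illustration; sample log lines below are constructed, not real traffic."""
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample in Apache "combined" log format (IPs from documentation ranges).
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [23/Apr/2025:10:01:02 +0000] "GET /xwiki/rest/wikis/xwiki/query?q=where+doc.name+like+'Sandbox'&type=hql HTTP/1.1" 200 812 "-" "curl/8.0"
203.0.113.5 - - [23/Apr/2025:10:01:09 +0000] "GET /xwiki/rest/wikis/xwiki/query?q=where+1%3D1+union+select+1&type=hql HTTP/1.1" 200 4410 "-" "curl/8.0"
198.51.100.7 - alice [23/Apr/2025:10:02:15 +0000] "GET /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
203.0.113.9 - - [23/Apr/2025:10:03:40 +0000] "GET /xwiki/rest/wikis/xwiki/query?q=where+doc.space%3D'Main'%20--%20&type=xwql HTTP/1.1" 500 310 "-" "python-requests/2.31"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Heuristic indicators, matched against the URL-decoded, lower-cased query string.
# A lone quote is NOT an indicator: legitimate HQL/XWQL queries contain string literals.
INDICATORS = [
    ("union select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b")),
    ("sql comment", re.compile(r"--|/\*")),
    ("stacked statement", re.compile(r";\s*(?:select|insert|update|delete|drop)\b")),
    ("tautology", re.compile(r"\b1\s*=\s*1\b|'\s*or\s*'")),
]


def parse_line(line):
    """Return the parsed fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def sqli_indicators(target):
    """Return the names of all indicators found in the decoded query string of a request target."""
    query = unquote_plus(urlsplit(target).query).lower()
    return [name for name, rx in INDICATORS if rx.search(query)]


def scan(log_text):
    """Scan log text; return one record per REST request that carries at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "/rest/" not in rec["target"]:
            continue  # not parseable, or not a REST API request
        found = sqli_indicators(rec["target"])
        if not found:
            continue
        hits.append({
            "ip": rec["ip"],
            "timestamp": rec["ts"],
            "path": urlsplit(rec["target"]).path,
            "status": int(rec["status"]),
            # "-" in the user field means no HTTP auth identity was recorded for the request
            "unauthenticated": rec["user"] == "-",
            "indicators": found,
        })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_ACCESS_LOG):
        print(hit)
```

Run it against a real log with `scan(open("/var/log/apache2/access.log").read())`. Two of the four constructed lines are reported: the UNION/tautology request and the comment-terminated request that produced a 500; the benign query with a quoted literal and the page fetch by the authenticated user are not. A 5xx on the query endpoint paired with an indicator is the strongest of these signals, since it usually means the injected text reached the database and broke the generated statement.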
Exploit status
EPSS
26.88% (96th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-32969 is to upgrade XWiki Platform REST Server to version 15.10.16 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. While direct SQL Injection prevention is difficult without patching, strict input validation and parameterized queries (if possible within the XWiki environment) can reduce the attack surface. Review and restrict database user permissions to limit the potential damage from a successful injection. After upgrading, verify the fix by attempting to access restricted database resources through the REST API while unauthenticated; successful access indicates the vulnerability persists.
Upgrade XWiki to version 16.10.1, 16.4.6 or 15.10.16, or to a later version. This fixes the SQL injection vulnerability in the REST API query endpoint. No workaround is available other than upgrading.
CVE-2025-32969 is a critical SQL Injection vulnerability in XWiki Platform REST Server allowing unauthenticated attackers to execute arbitrary SQL queries, potentially compromising the database.
You are affected if you are using XWiki Platform REST Server versions prior to 15.10.16. Upgrade immediately to mitigate the risk.
Upgrade XWiki Platform REST Server to version 15.10.16 or later. If immediate upgrade is not possible, implement temporary workarounds like input validation and restricted database permissions.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a potential for active exploitation. Monitor security advisories and threat intelligence.
Refer to the official XWiki security advisory for detailed information and mitigation steps: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)